Wireless computer networks could be secured against fraud and identity theft using a novel cryptographic protocol designed to keep passwords safe from prying eyes.

Markus Jakobsson and Steve Myers of Indiana University, US, demonstrated the new security scheme, dubbed "delayed password disclosure", at the American Association for the Advancement of Science meeting in Washington DC on Saturday.

How is this different from PSK?

Existing security protocols focus on securing the link between two machines to counteract eavesdropping. But making sure that a computer is connected to a legitimate access point in the first place is also important. If a hacker uses his computer as a fake access point and then relays the messages on to a real one, the information can be stolen covertly.

The delayed password disclosure protocol counteracts this threat by allowing both parties use a pre-arranged password or pin for authentication, but preventing this from being revealed during communications.

A mathematical function is applied to the agreed code by the user who initiates the wireless link, turning it into an incoherent string of bits. At the other end of the link, another mathematical function is applied to the string and it is sent back to the user.

The resulting code can then be mathematically checked to confirm that the person at the other end of the link shares the same secret password or pin.